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DETAILED ACTION 

1. Claims 1-31 have been examined. 

Priority 

2. Examiner is aware that this application claims priority of U.S. Provisional 
Application No. 60/478,748, filed June 16, 2003. 



Claim Rejections - 35 USC § 101 

3. 35 U. S C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, 
manufacture, or composition of matter, or any new and useful improvement 
thereof, may obtain a patent therefor, subject to the conditions and requirements 
of this title. 

4. Claims 12, 18, 23 and 28-31 are rejected under 35 U.S.C. 101 because the 
claimed invention is directed to non-statutory subject matter. 

With respect to claims 12, 18, 23 and 28-31, the "computer readable medium," 
in accordance with Applicant's specification, is modulated data, such as carrier waves 
on page 19, lines 4-5 of the specification. This subject matter is not limited to that which 
falls within a statutory category of invention because it is not limited to a process, 
machine, manufacture, or a composition of matter. Instead, it includes a form of energy. 
Energy does not fall within a statutory category since it is clearly not a series of steps or 
acts to constitute a process, not a mechanical device or combination of mechanical 
devices to constitute a machine, not a tangible physical article or object which is some 
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form of matter to be a product and constitute a manufacture, and not a composition of 
two or more substances to constitute a composition of matter. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-9, 11-18, 28 and 30-31 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Gatz et al. (U.S. Pub. No. 2002/0049806) 

As per claim 1, Gatz et al. discloses a method comprising: 

identifying a selected permission level associated with a child's access to 
a Web server (e.g. paragraph [0014]); 

obtaining a relationship ticket from an authentication server (e.g. abstract, 
paragraph [0015], Fig. 3 and Fig. 4); 

generating a request to set the selected permission level (e.g. paragraph 
[0058], [0060] and [0066]-[0069]); 

sending the request and the relationship ticket to the Web server (e.g. fig. 
12, paragraph [0069] and [0071]); and 

receiving a success code from the Web server if the selected permission 
level is established (e.g. paragraph [0070]). 
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As per claim 2, Gatz et al. discloses a method as applied above in claim 1. Gatz 
et al. further discloses including receiving a failure notification from the Web server if the 
selected permission level is not established (e.g. paragraph [0084]). 

As per claims 3 and 4, Gatz et al. discloses a method as applied above in claim 
1 . Gatz et al. further discloses wherein sending the request to the Web server includes 
using an untrusted/unsecure connection with the Web server ("HTTP" - e.g. paragraph 
[0044] and [0045]). 

As per claim 5, Gatz et al. discloses a method as applied above in claim 1 . Gatz 
et al. further discloses wherein the relationship ticket is encrypted by the authentication 
server ("...the user might select to verify account control requirements 92 over a secure 
network connection using, for example, SSL (Secure Socket Layer) or the like" - e.g. 
paragraph [0062]. Please note to a person in the ordinary skill in the art that SSL uses 
cryptographic system that uses two keys to encrypt data) 

As per claim 6, Gatz et al. discloses a method as applied above in claim 1 . Gatz 
et al. further discloses wherein the selected permission level is established if the 
relationship ticket is authenticated (e.g. abstract and claim 1 ). 
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As per claim 7, Gatz et al. discloses a method as applied above in claim 1. Gatz 
et al. further discloses wherein the relationship ticket includes the child's identity (e.g. 
fig. 3 and fig. 4). 

As per claim 8, Gatz et al. discloses a method as applied above in claim 1. Gatz 
et al. further discloses wherein the relationship ticket includes a parent's identity (e.g. 
fig. 3 and fig. 4). 

As per claim 9, Gatz et al. discloses a method as applied above in claim 1 . Fig. 
3 and fig. 4 of Gatz et al. further discloses wherein the relationship ticket includes: 
the child's identity; 
a parent's identity; and 

a relationship between the child and the parent. 

As per claim 11, Gatz et al. discloses a method as applied above in claim 1 . 
Gatz et al. further discloses wherein selecting a permission level associated with a 
child's usage of a web site is performed by a parent of the child (e.g. paragraph [0014]). 

As per claim 12, Gatz et al. discloses the claimed method of steps as applied 
above in claim 1 . Therefore, Gatz et al. discloses the claimed computer program 
embodied in one or more computer-readable memories for carrying out the method of 
steps. 
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As per claim 13, it is rejected using the same rationale as for the rejection of 
claim 4. 

As per claim 14, it is rejected using the same rationale as for the rejection of 
claim 5. 

As per claim 15, Gatz et al. discloses a method as applied above in claim 13. 
Gatz et al. further discloses wherein the relationship ticket is encrypted by the 
authentication server, and wherein the relationship ticket is decrypted by the Web 
server ("...the user might select to verify account control requirements 92 over a secure 
network connection using, for example, SSL (Secure Socket Layer) or the like" - e.g. 
paragraph [0062]. Please note to a person in the ordinary skill in the art that SSL uses 
cryptographic system that uses two keys to encrypt data and the data must be 
decrypted since it is encrypted) 

As per claim 16, Gatz et al. discloses a method as applied above in claim 13. 
Gatz et al. further discloses wherein the user is an employee and the permission level is 
selected by an employer of the employee (e.g. paragraph [0013]). 

As per claim 17, Gatz et al. discloses a method as applied above in claim 16. 
Gatz et al. further discloses wherein the relationship ticket includes the employee's 
identity and the employer's identity ("It should be understood that a "parent-child" 
relationship as described herein is not only familial as to human beings, but also is 
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taxonomic as to hierarchical arrangement of account" - e.g. paragraph [0014], [0013], 
fig. 3 and fig. 4). 

As per claim 18, Gatz et al. discloses the claimed method of steps as applied 
above in claim 13. Therefore, Gatz et al. discloses the claimed computer program 
embodied in one or more computer-readable memories for carrying out the method of 
steps. 

As per claim 28, Gatz et al. discloses one or more computer-readable media 
having stored thereon a computer program that, when executed by one or more 
processors, causes the one or more processors to: 

select a permission level associated with an associate's access to a Web 
server (e.g. paragraph [0014]); 

obtain a relationship ticket from an authentication server (e.g. abstract, 
paragraph [0015], Fig. 3 and Fig. 4); 

generate a request to set the selected permission level (e.g. paragraph [0058], 
[0060] and [0066]-[0069]); 

send the request and the relationship ticket to the Web server (e.g. fig. 12, 
paragraph [0069] and [0071]) via an unsecure communication link ("HTTP" - e.g. 
paragraph [0044] and [0045]); 

receive a success code from the Web server if the requested permission 
level is established (e.g. paragraph [0070]). 
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As per claim 30, Gatz et al. discloses one or more computer-readable media as 
recited in claim 28. Gatz et al. further discloses wherein the relationship ticket includes 
the associate's identity ("It should be understood that a "parent-child" relationship as 
described herein is not only familial as to human beings, but also is taxonomic as to 
hierarchical arrangement of account" - e.g. paragraph [0014], [0013], fig. 3 and fig. 4). 

As per claim 31, Gatz et al. discloses one or more computer-readable media as 
recited in claim 28. Gatz et al. further discloses wherein the relationship ticket includes 
a manager's identity ("It should be understood that a "parent-child" relationship as 
described herein is not only familial as to human beings, but also is taxonomic as to 
hierarchical arrangement of account' - e.g. paragraph [0014], [0013], fig. 3 and fig. 4). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 'or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 
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2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

9. This application currently names joint inventors. In considering patentability of 

the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

10. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gatz et 
al. in view of Examiner's Official Notice. 

As per claim 10, Gatz et al. discloses the authentication server in claim 1 . It is 
well known in the art that an authentication server can be a .NET Passport server. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention in light of Gatz et al. to incorporate the authentication server as a .NET 
Passport server motivated by providing convenience to clients by using a single sign-on 
service. 

11. Claims 19-27 and 29 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gatz et al. in view of Rezvani et al. (U.S. Patent No. 7,085,937). 

As per claim 19, Gatz et al. discloses a method, comprising: 



Application/Control Number: 10/674,105 Page 10 

Art Unit: 2135 

identifying a modified permission level associated with a user's access to 
a Web service (e.g. paragraph [0067], [0068], [0069]); 

obtaining a relationship ticket from an authentication server (e.g. abstract, 
paragraph [0015], Fig. 3 and Fig. 4); 

generating a request to modify the selected permission level associated 
with the user's access to the Web service (e.g. paragraph [0067], [0068], [0069]); 

sending the request and the relationship ticket to the Web service fig. 12, 
paragraph [0069] and [0071]) via an unsecure connection ("HTTP" - e.g. 
paragraph [0044] and [0045]); and 

receiving a success code from the Web service if the modified permission 
level is established (e.g. paragraph [0070]). 

Gatz et al. does not disclose expressly the relationship ticket is encrypted. 

Rezvani et al. discloses encrypting data in an unsecure connection, (e.g. 

abstract). 

Gatz et al. and Rezvani et al. are analogous art because they are from the 
same field of endeavor of transmitting data in an unsecure connection. 

At the time of the invention it would have been obvious to a person of 
ordinary skill in the art to incorporate encryption in the Gatz et al.'s method in an 
unsecure connection. 

The motivation for doing so would have-been to "efficiently authenticating 
data from a user transmitting over an unsecure network that requires both low 
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processing overhead, yet still prevents a third-party from impersonating the data from a 
legitimate user", as taught by Rezvani et al. (col. 2, lines 41-45) 

As per claim 20, the combined teachings of Gatz et al. and Rezvani et al. 
disclose a method as applied above in claim 19. Gatz et al. further discloses 
comprising receiving a failure notification from the Web service if the modified 
permission level is not established (e.g. paragraph [0084]). 

As per claim 21, the combined teachings of Gatz et al. and Rezvani et al. 
disclose a method as applied above in claim 19. Gatz et al. further discloses wherein 
the modified permission level is established if the encrypted relationship ticket is 
authenticated by the Web service (e.g. claim 1 and abstract). 

As per claim 22, the combined teachings of Gatz et al. and Rezvani et al. 
disclose a method as applied above in claim 19. Gatz et al. further discloses wherein 
the encrypted relationship ticket includes the user's identity (e.g. fig- 3 and 4). 

As per claim 23, the combined teachings of Gatz et al. and Rezvani et al. 
disclose the claimed method of steps as applied above in claim 19. Therefore, the 
combined teachings of Gatz et al. and Rezvani et al. disclose the claimed computer 
program embodied in one or more computer-readable memories for carrying out the 
method of steps. 
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As per claim 24, Gatz et al. discloses an apparatus, comprising: 

an interface to receive requests to establish Web access permissions via 
an unsecure communication link (e.g. paragraph [0044]-[0045] and fig. 6-10); 

a storage device to store manager-associate relationship information (e.g. 
paragraph [0014]); and 

a processor coupled to the interface and the storage device, the processor 
to receive a relationship ticket from a client device and the processor further to 
authenticate the relationship ticket and establish the requested Web access 
permissions if the relationship ticket is authenticated (e.g. claims 1 and 32, 
abstract, paragraph [0015], Fig. 3 and Fig. 4). 

Gatz et al. does not disclose expressly the relationship ticket is encrypted 
by the authentication server and decrypted by the Web server. 

Rezvani et al. discloses encrypting/decrypting data in an unsecure 
connection, (e.g. abstract). 

Gatz et al. and Rezvani et al. are analogous art because they are from the 
same field of endeavor of transmitting data in an unsecure connection. 

At the time of the invention it would have been obvious to a person of 
ordinary skill in the art to incorporate encryption/decryption in the Gatz et al.'s 
method in an unsecure connection. 

The motivation for doing so would have been to "efficiently authenticating 
data from a user transmitting over an unsecure network that requires both low 
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processing overhead, yet still prevents a third-party from impersonating the data 
from a legitimate user", as taught by Rezvani et al. (col. 2, lines 41-45) 



As per claim 25, the combined teachings of Gatz et al. and Rezvani et al. 
disclose an apparatus as applied above in claim 24. Gatz et al. further discloses 
wherein the processor is further to generate a success code if the relationship 
ticket is authenticated (e.g. paragraph [0070]). 

As per claim 26, the combined teachings of Gatz et al. and Rezvani et al. 
disclose an apparatus as applied above in claim 24. Gatz et al. further discloses 
wherein the processor is to generate a failure notification if the relationship ticket 
is not authenticated (e.g. paragraph [0084]). 

As per claim 27, the combined teachings of Gatz et al. and Rezvani et al. 
disclose an apparatus as applied above in claim 24. Gatz et al. further discloses 
wherein the storage device stores Web access permission information (e.g. fig. 4, 
5, paragraph [0054], [0057]-[0059]). 

As per claim 29, Gatz et al. discloses one or more computer-readable 
media as recited in claim 28. 
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Gatz et al. does not disclose expressly the relationship ticket is encrypted 
by the authentication server and decrypted by the Web server. 

Rezvani et al. discloses encrypting/decrypting data in an unsecure 
connection, (e.g. abstract). 

Gatz et al. and Rezvani et al. are analogous art because they are from the 
same field of endeavor of transmitting data in an unsecure connection. 

At the time of the invention it would have been obvious to a person of 
ordinary skill in the art to incorporate encryption/decryption in the Gatz et al.'s 
method in an unsecure connection. 

The motivation for doing so would have been to "efficiently authenticating 
data from a user transmitting over an unsecure network that requires both low 
processing overhead, yet still prevents a third-party from impersonating the data 
from a legitimate user, as taught by Rezvani et al. (col. 2, lines 41-45) 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO -892) 
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Contact Information 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to April Y. Shan whose telephone number is (571 ) 270- 
1014. The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 
p.m., EST. 

If attempts to.reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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